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(54) Secure data management system 

(57) The present invention provides a system to 
ensure security of data in a computer network system. 
A center certifies a public-key of user of the system and 
distributes a secret-key. A first system comprises the 
center in a network, an information provider and a plu- 
rality of users. The center identifies utilization status by 
requests of the secret-key. The data is encrypted by the 
secret-key and is stored and transferred, while the data 
to be stored and transferred is encrypted by a secret- 
key different from the secret-key for the transferred data. 
An original data label is added to the original data, and 
an edit label is added to the edited clata, and the center " 
does not store the data and stores only the original data 
label and the edit label. A second system comprises a 
center and an information provider in a network, and a 
plurality of users utilizing the network. The center stores 
the original data and editing scenario, and also the orig- 
inal data label, user label and edit label. The data is not 
transferred between the users, but data label encrypted 
by the public-key is transferred. In electronic commerce 
system, every data is distributed through a mediator in 
the network, data which is transferred from a maker to a 
user is encrypted by a secret-key for encryption, and 
data which is transferred from the user to the maker is 
encrypted by a secret-key for re-encryption. 
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Description 

BACKGROUND OF THE INVENTION 



The present invention relates to a data manage- 
ment system for managing digital data, and in particular 
to a system, which can be effectively applied to copy- 
right management of copyrighted data, electronic com- 
merce and digital cash. 

As more and more information is available, data- 
base systems wherein many computers, which inde- 
pendently have stored various data, are connected via 
communication lines to use the data mutually are 
becoming increasingly popular. Such database system 
has been so far possible to process only coded informa- 
tion containing a small amount of information which can 
be processed by conventional computers and at the 
most monochrome binary data such as facsimile infor- 
mation, and faing to handle natural and moving pictures 
that include a substantially large amount of information. 

Digital processing techniques for various electric 
signals are being developed, and efforts are being 
made to apply such techniques to those dynamic pic- 
ture signals other than binary data which were proc- 
essed as analog signals. Since the digitization of picture 
signals enables picture signals such as television sig- 
nals to be handled by computers, people are viewing as 
a promising technique a "multimedia system" that can 
deal with both various data that can be processed by 
computers and picture data that is digitized picture sig- 
nals. 

Since picture data contains a significantly larger 
amount of information than character data or audio 
data, it cannot be stored, transmitted, or subjected to 
various processings by computers in its original form. 
Attempts have thus been made to corrpression/expan- 
sion of picture data, and some picture data compres- 
sion/expansion standards have been prepared. These 
standards include the following common standards: the 
Joint Photographic- Image -Coding- Experts" Group 
(JPEG) standards for still pictures, the H.261 standards 
for video conferences, the Moving Picture Image Cod- 
ing Experts Group 1 (MPEG1) standards for picture 
storage, and the MPEG2 standards for both existing tel- 
evision broadcasting and future high-definition televi- 
sion broadcasting. These techniques have enabled 
digital picture data to be processed in real-time. 

Since analog data, which is conventionally popular, 
is degraded each time it is stored, copied, edited, and 
transmitted, little notice has been taken of the control of 
the copyright associated with these operations. Digital 
data, however, is not degraded after repeated storing, 
copying, editing, and transmission, such control of the 
control of the copyright associated with these opera- 
tions is significant. There has been no adequate method 
for controlling the copyright for digital data; the copyright 
is managed based on the copyright law or relevant con- 
tracts. The copyright law simply establishes a compen- 
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sation system for digital recording or equipment thereof. 

A database not only has its contents referenced but 
is also used to effectively use data obtained through 
storing, copying, and editing, and it is possible to trans- 
s fer edited data to a different user via on-line basis such 
as a communication line or via off-line basis using 
appropriate recording medium or to transfer it to the 
database to be registered as new data. Although con- 
ventional databases have dealt with only character 
10 data, databases in multimedia system contain audio 
and picture data that are inherently analog, in addition 
to databased character data. 

Under these circumstances, the control of the cop- 
yright for data in databases is very important, but no 
is copyright management means that is particularly appli- 
cable to secondary use such as copying, editing, and 
transmission has been completed. 

In data communication using computers has been 
carried out in relatively small scale in the past, computer 
20 communication system called "Internet" has shown 
rapid progress in the past several years, and it is now 
being developed to a system closer and familiar to eve- 
rybody. The information used in communication of this 
Internet system has been initially limited to character 
25 information only, but, with the progress of technique, 
audio data and picture data are now used. At present, 
even electronic commerce data or digital cash data, for 
which reliability and confidentiality are important factors, 
are now being used in the Internet system. 
30 Under such circumstances, it has become neces- 
sary to establish new techniques to ensure and guaran- 
tee security to keep confidentiality and reliability of the 
processed data and also of the case where it is neces- 
sary to charge and collect a fee. 
35 in the information data, i.e. copyrighted data, for 
which fee is charged when utilizing such data, copyright 
is asserted in most cases, while there are information 
data such as personal mail, advertisement and propa- 
_ _S£n<te data, etc.,-for- which- copyright is'not pbsitivefy" ~ 
40 asserted. For example, in case of a personal mail, for 
which copyright is not asserted, it is important to main- 
tain privacy and to prevent falsification or forgery of the 
contents. Even in the data for advertisement and propa- 
ganda, which is usually not associated with assertion of 
45 copyright, damage or impairment may often occur due 
to falsification of the contents or business activities may 
be disturbed because of distribution of the data to the 
people other than those originally aimed or such trouble 
may be caused by false data. 
so As described above, it is essential in case of per- 
sonal mail to stop falsification of contents, to prevent 
infringement of privacy and to exclude forgery. For the 
advertisement and propaganda data, it is necessary to 
prevent falsification of data contents, to restrict looking 
55 and to exclude forgery. 

The prevention of infringement of privacy in the per- 
sonal mail and the restriction of looking of the advertise- 
ment and propaganda data can be achieved by 
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encryption of data. The prevention of forgery of the per- 
sona! mail and the advertisement and propaganda data 
and the exclusion of falsification of the personal mail 
and the advertisement and propaganda data can be 
attained by confirmation (certification) of the sender or 5 
the transmitter of the data. 

The Internet system is based on grass-roots con- 
cept and is a very fragile system as far as security of the 
system itself is concerned. Various systems for main- 
taining security of the Internet system have been pro- w 
posed, and typical systems are PEM (Privacy 
Enhanced Mail) adopting hierarchical structure and 
PGP (Pretty Good Privacy) adopting horizontal distrib- 
uted structure. These systems are effective to maintain 
confidentiality of data and to provide certification of the is 
transmitting source, certification on non-falsification of 
the data, display of the first transmitter and control of 
public-key, while it is not possible by these systems to 
restrict re-utilization of data including data editing. 

PEM, adopting hierarchical structure, comprises 20 
the most upper-level authority called IPRA (Internet 
PCA Registration Authority), a next upper-level author- 
ity called PCA (Policy Certification Authority), and the 
most lower-level authorities called Organizational, Res- 
idential and Personal respectively. Upper-level certrfica- 25 
tion authorities issue a public-key certificate with digital 
— signature on the data such as name of the lower-level 
authority for public-key of the lower-level authority, thus 
guaranteeing validity of the public-key. 

PGP. adopting horizontal distributed structure, has 30 
no entity to correspond to the certification authority of 
PEM, and a reliable third person guarantees validity of 
the public-key by issuing a public-key certificate with 
digital signature to the data such as name of the public- 
key. In this PGP, there is a method called electronic fin- 35 
gerpnnting to easily confirm the public-key. By this 
method, the public-key is hashed by one-way hash func- 
tion such as MD 5 (Message Digest 5). and 16-byte 

hash va[ue ^confirmed by_ voice. 

When PEM is compared with PGP, there is no prob- 40 
lem on the certifier in PEM, which adopts hierarchical 
structure, but this is not necessarily a commonly used 
system in the Internet System, which is based on grass- 
roots concept. On the other hand, PGP is a simplified 
system, which can be widely used. However, this cannot as 
be utilized in case there is no reliable person to sign. 

With recent development of computer network sys- 
tem, individual computers, used on stand-alone basts in 
the past, are connected together through the network 
system, and database system to commonly share the so 
data is now propagated. Further, distributed object sys- 
tem has been proposed, in which application program 
or basic software called operating system as well as 
data is also commonly shared through the network. 

In the distributed object system, both data and soft- ss 
ware are supplied by a server as an object, which com- 
prises program and data. In the distributed object 
system, there are two systems, i.e. a system called 



object container, in which operating system, application 
program and data are provided by a server and data 
processing and data storage are performed by a user 
terminal unit, which is an ordinary computer, and a sys- 
tem called server object in which operating system, 
application program and data are provided by a server, 
and data processing is performed by a user terminal 
unit called network computer, while data storage is car- 
ried out by a server. The server object system is further 
developed to a system, in which data processing is also 
performed by the server, and the user terminal unit is 
provided only with input/output function, and the whole 
system functions as a single computer. 

Another form of the network system called "license 
network" as rental network system, is considered. In 
this system, an enterprise providing network base such 
as communication lines also provides the systems other 
than communication lines such as fee charging system, 
security system, copyright management system, certifi- 
cation system, etc. And a service enterprise utilizes 
these services and carries out network business as if it 
is his own system. 

SUMMARY OF THE INVENTION 



In the present application, the inventor proposes a 
data management system for protecting copyright of 
digital data, for maintaining security in electronic com- 
merce data and keeping security for digital cash data in 
an ordinary computer network system, a distributed 
object system and a license network system. 

A first aspect of the data management system of 
the present invention comprises a data management 
center on a network, an original copyright owner or an 
information provider and a plurality of users who use the 
network. The data management center certifies public- 
key of network users, distributes secret-key for data 
encryption corresponding to presentation of a user_ 
labelrand identifies data utilizatidn^tetu^by therequesT" 
of the secret-key. The data is stored and transferred 
after having been encrypted using the secret-key, and 
the data is to be stored and transferred encrypted using 
a secret-key different from the secret-key for the data 
which has been transferred. An original data label is 
added to an original data, and an edit label is added to 
an . edited data. The data management center does not 
store the data but stores only the original data label and 
the data relating to editing. A user label is used to 
request the secret-key, but electronic fingerprinting of 
the user label may be used instead. 

The second aspect of the data management sys- 
tem comprises a data management center on a net- 
work, an original copyright owner or an information 
provider and a plurality of users utilizing the network. 
The data management center certifies the public-key of 
the network users, and stores the original data and the 
editing scenario, and further stores the user label, the 
original data label and edit label. The data is not trans- 
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ferred between the users and the data label encrypted 
by the public-key is transferred. For transfer and for 
request of utilization, the data label is used while elec- 
tronic fingerprinting of the data label may be used 
instead. 

trih, ^ 6 l! Clr0, ! C commerce system, every data is dis- 
tnbuted through a mediator on a network, data which is 
transferred from a maker to a user is encrypted by a 
secret-key for encryption, and data which is transferred 
from the user to the maker is encrypted by a secret-key w 
tor re-encryption. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig 1A to Fig. 1 D each represents a drawing for , 5 
explaining labels; 

Fig. 2A to Fig. 2D each represents a drawing for 
explainmg label, data header and data body- 
Fig 3A to Fig. 3D each represents a drawing for 
explaining encryption of data and label- 20 
Fig 4A to Fig. 4G each represents a drawing for 
explaining encryption of data header and data 
body; 

Fig 5A to Fig. SC each represents a drawing for 
explaining encryption of label, data header and 2s 
data body; 

_ .. % 6* and Fig. 6B each represents a drawing for - 
explaining encryption of object file; 
Fig. 7 represents a conceptions structure of a data 
management system of a first embodiment of the so 
present invention; 

Fig. 8 represents a conception^ structure of a data 
management system of a second embodiment of 
the present invention; 

Fig. 9 is to explain a technique to generate data 35 
from a plurality of data; 

Fig. 10 represents a conception^ structure of a 
data management system of a third embodiment of 
the present invention; 
_ Fig 1.1. represents a-conceptionalltfmctuFe of a~~4o~ 
data management system of a fourth embodiment 
of the present invention; 

Fig. 12A and Fig. 12B each represents a concep- 
tual structure of a data management system of a 
fifth embodiment of the present invention 45 



righted data, an information provider (IP) of the original 
copyrighted data, a user of the original copyrighted data 
and those who edit the original copyrighted data. There 
may be a single certifier or a plurality of certifiers In 
case a plurality of certifiers are present they can be vir- 
tually considered as a single entity by linking them with 
each other. 

In this system, a set of public-key & private-key of 
each user and a secret-key different for each step of the 
use of the copyrighted data are used. Among these 
keys, the pnvate-key is managed under responsibility of 
each user and corresponding public-key is performed 
digital signature by the certifier, so that the reliability is 
maintained. The public-key is controlled by a key man- 
agement center generally called key library and is dis- 
tributed at the request of the user, while it is possible to 
fink a certifier having certifying function with the key 
management center or to make the certifier also have a 
function of the key management center. 

-Crypt Key- 



DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

To begin with the description of embodiments 
according to the present invention, from first embodi- 
mentto fifth embodiment, basic explanation for these 
embodiments are described hereinafter. 

.--Certifier- 

In the present invention, it is necessary to have an 
entity, which certifies copyright owner of original copy- 



Brief description will be given on a key system and 
a digital signature system used in the invention. 

Secret-key system is also called "common key sys- 
tem" because the same key is used for encryption and 
decryption. Because it is necessary to keep the key in 
secret, it is also called "secret-key system". Typical 
examples of encryption algorithm using secret-key are- 
DES (Data Encryption Standard) system of National 
Bureau of Standards. FEAL (Fast Encryption Algorithm) 
system of NTT. and MISTY system of Mitsubishi Electric 
Corp. In the embodiments described below, the secret- 
key is referred as "Ks". 

In contrast, the public-key system is a cryptosystem " 
using a public-key being made public and a private-key. 
which is maintained in secret to those other than the 
owner of the key. One key is used for encryption and the 
other key is used for decryption: Typical exanple is RSA 
public-key system. In the embodiments described 
below, the public-key is referred as "Kb", and the pri- 
vate-key is referred as "Kv". 

Here, the operation to encrypt a data M as data 
matenal to a cryptogram Ck using a crypt key K is 
expressed as: 

Ck = E (M. K) 



and the operation to decrypt the cryptogram Ck to the 
so data M using a crypt key K is expressed as: 

M = D (Ck, K). 

Digital signature is a technique applying the public- 
55 key system. In this system, a transfer source turns the 
data M to a hash value Hm by one-way hash function 
such as MD 5. Using a private-key Kv, the hash value 
Hm is encrypted to ChmKv and is transferred together 
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with the data M to a transfer destination. The transfer 
destination decrypts the transferred encrypted hash 
value Chmkv to the hash value Hm using the public-key 
Kb and also turns the transferred data M to a hash value 
Hm' using the same one-way hash function. If 5 
Hm = Hm\ rt is judged that the transferred data is relia- 
ble. The hash value Hm obtained in this process can be 
uniquely obtained from the data M, and it is not possible 
to uniquely reproduce the data M from the hash value 
Hm. 

10 

in case the transfer source and the transfer destina- 
tion can confirm each other, the reliability of the transfer 
data is maintained even when the hash value Hm is 
transferred without encrypting. This is called electronic 
fingerprinting and is used for simplified certification is 



-Use of Keys- 

ln the embodiments from first to fifth, encryp- 
tion/decrypton/re-encryption of data, storing inhibition 20 
of data, and storing of crypt keys are performed in 
devices other than those in a center. These operations 
are desirable to be operated by automatically working 
unique application program, by application program 
contained in . data, or for attaining higher security by 25 
operating system. It can be further attained higher secu- 
nty to perform these processings by using IC card or PC 
card. 



prepares a user label and transmits it to the user. The 
user stores the user label, and a user's public-key, a 
user's private-key and a public-key of the data manage- 
ment center which are used in the system, in the user's 
own device. The optimal place for this storage is an IC 
card or a PC card, while it is also possible to store in a 
data storage unit in the device. A manner of storing 
crypt keys by IC card or PC card can ensure the higher 
security than that of managing keys by operating sys- 
tem. 

In the following, description will be given on a sys- 
tem to manage data copyrights, while there are digital 
data other than copyrighted data, requiring confidential- 
ity, certainty and reliability of communication contents, 
dealing contents, etc. such as electronic commerce 
data or digital cash data, and the present invention can 
also be applied to these digital data. 

In the network system using crypt key, an entity to 
store the crypt key and an entity to generate the crypt 
key are placed out of the network system and are uti- 
lized via the network system. In the embodiment 
described below, it is supposed that a single entity, i.e. 
data management center, serves as all of these entities. 

-Label- 



-Charging- 



30 



To ensure to charge and collect a fee correspond- 
ing to the use of data, there are two methods: to charge 
a fee corresponding to the expected use prior to actual 
use, and to charge a fee corresponding to actual result 35 
of use after the use. 

The method to charge a fee after the use can be 
implemented by metering bill payment in which the use 
results are recorded and the fee is charged by checking 
-the record of use, or by card prepayment in which a card 40 
with an amount of purchase entered in advance on it is 
used to be subtracted by the entered amount corre- 
sponding to the actual use. 

Further, the metering bill payment method is 
divided into two methods to install a recording unit on 4s 
server side like charging for telephone calls and to 
install a recording unit on user terminal like charginq 
electric fees. 

The card prepayment method is divided into two 
methods in which prepayment is stored on server side so 
as a credit card; and the prepayment is stored on user 
side as a prepaid card. 



-Storing of Keys- 

ln first to fourth embodiments, based on user infor- 
mation presented by the user when the user registers 
utilization of the system, the data management center 
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In the present invention, labels are used to protect 
copyright of the data and to execute data copyright. 
First, description will be given on the labels, referring to 
Figs. 1,2 and 3. 

- - In this system, a user label of the system user is 
used. On the user label, information of the label owner 
is described as shown in Fig. 1A. In case the label 
owner has the original copyright, information relating 
the original copyrighted data is added as shown in Fig. 
1 B. In case the copyrighted data is an edited copyrighed 
data obtained by editing the original copyrighted data, 
information relating to the data of original copyright, 
—information of edit toorarid editing data (editing sce- 
nario) are further added as shown in Fig, 1C. It is also 
possible to add the edit tool (editing program) instead of 
the edit tool information as shown in Fig. 1 D. 

Among these labels, the label where only informa- 
tion of the label owner as shown in Fig. 1 A is described 
is referred as "user label", and the label with information 
relating copyrighted data as shown in Fig. IB is referred 
as "copyright label", and the label with information of the 
editing scenario is referred as "edit label" as shown in 
Fig. 1Cor Fig. 1D. 

The user label is generated by the data manage- 
ment center according to the information of the user 
when the user joins the system. The copyright label is 
generated by the data management center when the 
author of the data presents the content to the data man- 
agement center. The edit label is generated by the data 
management center, when the user who has edited the 
data presents the user label and the editing scenario to 
the data management center. These are transferred to 
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each label owner and are stored at the data manage- 
ment center. a 

-Encrypting- 



ho J"' 93 ' 2A " 28 3nd 20 630,1 resents relationship 
between copyright label and copyrighted data 

In the copyright label and copyrighted data corre- 
sponding to the label, the copyright label is separated 
from header of the data as shown in Fig. 2A or is inte- 
grated with header of the data as shown in Fig. 2B or is 
bonded to the header as shown in Fig 2C ' 

In case the copyright label is bonded to the header 
^Possible , 0 have extended label arrangement, in 
which a plurality of copyright labels are combined 
togetheras shown in Fig. 2D. In case where label is 
integrated as shown in Fig. 2B. if the copyright label 
becomes larger, label may not be accommodated in a 

Sni??^ * ' imited in 

extended label arrangement by combining a plurality of 

labels as shown in Fig. 2D. if there are too many labels 

it exceeds the limit of packet size on Internet, and this 

causes difficulty in distribution. 

c ™ 8 l e is * ^ wnere ^e copyright label is 
wh^f* arH L USed 35 ^ in R 9 3A and * case 

S ? R .' S r , W,th0Ut bein9 6ncr yP ,ed as sh °™ ^ 
.. 3B,Jn these figures, square framed portions show 

TntSJ^T^ 0386 the cop y r, '9 ht label ^ not 
encrypted, the data copyrighted is encrypted Even in 

case where the copyright label is not encrypted the 

copyright labels other than the finally added copyright 

label are encrypted in the extended label arrangement 

as shown in Rg. 2D and a multi-stage arrangement can 

=h^ P ' , WhiCh ° rypt key of ** copyright labels 
• added previously and encrypted is included in the copy- 
right label added later as shown in Rg. 3C and FigTo 
By this arrangement, it is possible to confirm the content 
of the previously added copyright labels 

Date is encrypted and decrypted to protect the cop- 
yright, buuencryption-and decryption are te'ste which 
apply much burden on computers. In case the data to 
be encrypted or decrypted is a text data mainly com- 
posed of characters, the burden of encryption and 
decryption ,s not so much, but in case the data to be 
encrypted or decrypted is audio data or picture data 
especially moving picture data, the burden of encryption 
and decryption may be enormous. For this reason even 
m case high speed crypt algorithm is used, as special 
type computer such as super-parallel type super-com- 
puter is necessary rather than generally used personal 
computers, at present, it is not practical in softwear to 
encrypt or decrypt the data other than text data ie 
moving priure data in real-time by softwear 

Description will be given now on an arrangement of 
!«°T°l and decr yP fion o'data referring to Figs. 4A 
4B. 4C. 4D. 4E. 4F and 4G. In these figures, square 
framed portions are the portions to be encrypted 

Fig. 4A shows a method to use cryption in principle. 
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Only data body, overwhelmingly larger compared with a 
header portion, is encrypted, and the data header to be 
used to recognize the data is not encrypted. In this 
arrangement, the burden of encryption and decryption 
is very high. 

In contrast, there is a method to encrypt the data 
header portion without encrypting the data body portion 
as shown in Rg. 4B. In this case, if the entire header is 
encrypted, the data cannot be recognized. Hence, a 
part of the header is not encrypted. 

As a method to reduce the burden in the arrange- 
ment of Fig. 4A. only the forward portion of the data 
body can be encrypted as shown in Fig. 4C. In this 
arrangement, it is only a part of the data body which 
must be encrypted or decrypted, and the burden of 
encryption and decryption is extremely reduced. 

Rg. 4D shows the case where the effect by the 
arrangement of Rg. 4C is increased more, and a plural- 
ity of encrypted portions of the data body are provided 
in the data body. 

Fig. 4E shows a method called SKIP (Simple Key- 
management for Internet Protocols). Here, data body is 
encrypted, and a part of the header is encrypted 
whereby crypt key for decrypting the data body is 
placed in the encrypted portion in the header In this 
arrangement, it is extremely difficult to cryptanalyze 
because two pieces of cryption must be decrypted. 

However, in case of the arrangement shown in Fig 
4E. the entire data body is encrypted, and the burden of 
encryption and decryption is very high as in the case of 
the arrangement shown in Fig. 4A. If the arrangement of 
Rg. 4E is combined together with the arrangement of 
Fig. 4C and only the forward portion of the data body is 
encrypted as shown in Fig. 4F. the burden of encryption 
and decryption is extremely reduced because it is nec- 
essary to encrypt or decrypt only a part of the data 
body. 

In the arrangement of Fig. 4E. if a plurality of _ 
encrypted portions are provided in the data~body as 
shown in Rg. 4G by combining with the arrangement of 
Rg. 4D. the effect is increased more. 

Description regarding an encryption/decryption 
structure of data having general file form will be given 
referring to Figs. 5A. 5B and 5C. In these figures 
square framed portions are to be encrypted. 

Data having general file form consists of data body 
portion and data header portion, and further, copyright 
label connecting with or relating to. according to the 
present invention. Fig. 5A shows a method to use cryp- 
tion in principle. Only data body is encrypted, and copy- 
right label and data header are not encrypted and 
similar to the arrangement of Fig. 4A. the burden of 
encryption and decryption is very high. 

In contrast, there is a method to encrypt the data 
header portion without encrypting the data body portion 
as shown in Fig. 5B. In this case, if the entire header is 
encrypted, the data cannot be recognized. Hence, a 
part of the header is not encrypted. In this case, the 
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copyright label also is not encrypted. 

i^. 7 * 1 !!! 6 fe an0ther method 10 enCf yP t the copyright 
label wrthout encrypting the data body and data header 
portions as shown in Fig. 5C. In this case also, if the 
entire copyright label is encrypted, the relation to data s 
wh,ch corresponds to the copyright label cannot be rec- 
ognized Hence, a part of the copyright label is not 
encrypted. 

Further, there is a method of so-called object ori- 
ented programming performing various processings by w 
using object" integrated with data and program which 
handles data, instead of general form file consisting of 
data header and data body. The object has basic con- 
ceptual structure as shown in Fig. 6A. A storing portion 
called as slot" in an envelope called as Instance" acco- is 
modates data called as "instance variable". The slot is 
surrounded by one or more of procedures called as 
meftod for referring, processing, binding and so on 
and the instance variable can be referred to or operated 

STnlr^'J 71 '' 8 fmCti ° n fe M as "encapsu'a- » 
tion . Instruction from outside to make the "method- 
refer to or operate the instance variable is called as 
message". 

This means, in another view, the instance variable 
which is impossible to be referred to or operated without 25 
through method" is protected by the "method" Then 
— the can be used for encrypting the "method" and allow- 
ing the instance variable to be referred to or operated 
only by -message" which can decrypt the encrypted 
method as shown in Fig. 6B. In this case also, similarly 30 
to the case of data having general file form in Fig. 5C 
since rf entire "method" is encrypted, it is impossible to 
utilize object", a part of the "method" is not encrypted 
in Fig. 6B, square flamed portion is encrypted. 

[1st Embodiment] 35 

refocS^f r° n , Wi " * 9iVe " °" a firet embodiment 
referring to Fig. 7. 

._ - -To explain the prirciple.deKripfon is givenlirst on ~ 40 
a case where the user transfers original copyrighted 
data to the next user without editing it. The case where 
the user edits the original copyrighted data will be 
described later. Practically, the case where the original 
copyrighted data is not edited is combined with the case as 
where the original copyrighted data is edited, and ear- 
ned out as explained in the third embodiment. In the 
system of the present embodiment, secret-key and pub- 
lic-key & private-key are used. Therefore, an entity to 
manage public-key and an entity to generate secret-key so 
may be linked to or included in the data management 
center. 

(1) An original author (data owner) A presents an 
or.g.nal copyright label LO and requests the data 55 
management center Cd to distribute an original 
secret-key KsO. The original author may transfer or 
deposit the original copyrighted data to an informa- 



tion provider (IP) or to database so that the informa- 
tion provider or the database can play a role of the 
onginal author, ft is also possible that the original 
author A stores the origins secret-key KsO and 
encrypts the original copyrighted data MO without 
depending on the data management center Cd 
while the original secret-key KsO must be stored at 
the data management center Cd to utilize the origi- 
nal copyrighted data MO by the user (data user). 

(2) When the distribution of the original secret-key 
KsO is requested, the data management center Cd 
encrypts the original secret-key KsO corresponding 
to the original copyright label LO using a public-key 
Kba of the original author A: 



CksOkba = E (KsO, Kba) 

and distributes the encrypted original secret-key 
CksOkba together with the original copyright label 
U) to the original author A. 

The secret-key is hereafter, encrypted by a 
public-key of a distributed destination in order to be 
decrypted only by the distributed destination. 

In this case, the data management center Cd 
performs one-way hash on the original copyright 
label LO using algorithm such as MD 5 and pre- 
pares an original copyright label fingerprint FO e g 
the one having 1 6-byte data, and distributes it to the 
original author A. Thereafter, this electronic finger- 
print is transferred together with the copyrighted 
data. 

(3) When the encrypted original secret-key 
CksOkba is distributed, the original author A 
decrypts the encrypted original secret-key CksOkba 
using the private-key Kva of the original author A: 

- KsO = D (CksOkba,T<vay, 

encrypts the original copyrighted data MO using the 
decrypted original secret-key KsO: 

CmOksO = E (MO, KsO), 

and transfers the encrypted original copyrighted 
data CmOksO, the original copyright label LO and 
the original copyright label fingerprint FO to a first 
user U1. 

(4) When the encrypted original copyrighted data 
CmOksO, the original copyright label LO and the 
original copyright label fingerprint FO are trans- 
ferred, the first user U1 presents the original copy- 
right label LO, the original copyright label fingerprint 
FO and first user label Lu1, and requests the data 
management center Cd to distribute the original 
secret-key KsO and a first secret-key Ks1 . 
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(5) When requested to distribute the original secret- 
key KsO and the first secret-key Ks1 , the data man- 
agement center Cd confirms validity of the pre- 
sented original copyright label LO by the original 
copyright label fingerprint FO, and registers the first 
user label Lul. At the same time, the original 
secret-key KsO corresponding to the original copy- 
right label LO and the first secret-key Ks1 corre- 
sponding to the first user label Uj1 are encrypted 
using public-key Kb1 of the first user U1 : 

CksOkbl = E (KsO, Kb1) 



10 



Ckslkbl =E(Ks1, Kb1) 

and distributes the encrypted original secret-key 
CksOkbl and the encrypted first secret-key 
Oks1 kb1 to the first user U1 . 

(6) When the encrypted original secret-key 
CksOksbl and the encrypted first secret-key 
Ckslkbl are distributed, the first user U1 decrypts 
the encrypted original secret-key CkOkbl and the 
encrypted first secret-key Ckslkbl using private- 
key Kv1 of the first user U1- 
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KsO = D (CksOkbl, Kv1) 

Ks1 = D (Ckslkbl, Kv1). 

Then, the encrypted original copyrighted data 
CmOksO is decrypted using the decrypted original 
secret-key KsO: 

MO = D (CmOksO, KsO) 

and the decrypted origins copyrighted data MO is 
utilized. 

In case the original copyrighted data MO is 

^ s I or ^^ c °P'ed. Jt is encrypted using the decrypted 

first secret-key Ks1: 

CmOksl =E(MO ( Ks1). 

This is stored or copied as the encrypted original copy- 45 
righted data CmOksl. In case the original copyrighted 
data MO is to be transferred to a second user (next data 
user) U2, it is encrypted using the decrypted first secret- 
key Ks1 and is transferred as the encrypted original 
copyrighted data CmOksl, together with the original so 
copyright label LO. the original copyright label fingerprint 
FO and the first user label Lu1 . 

Each user may put digital signature which one- 
way hash value of the user's label is encrypted 
using user's private-key on the user's label to be ss 
presented to the data management center Cd 
Then, the data management center decrypts the 
encrypted one-way hash value using the user's 



public-key calculates the one-way hash value of the 
label and compares the two one-way hash values in 
order to verity the validity of each user's label. 

(7) When the encrypted original copyrighted data 
CmOksl . the original copyright label LO, the original 
copyright label fingerprint FO and the first user label 
Lu1 are transferred, the second user U2 presents 
the original copyright label LO, the original copyright 
label fingerprint FO, the first user label Lu1 and sec- 
ond user label Lu2, and requests the data manage- * 
ment center Cd to distribute the first secret-key Ks1 
and second secret-key Ks2. 

(8) When requested to distribute the first secret-key 
Ksl and the second secret-key Ks2, the data man- 
agement center Cd confirms validity of the original 
copyright label LO and the first user label Lu1 by the 
original copyright label fingerprint FO. 

When it is confirmed that the first user label 
Lu1 is valid, the data management center Cd regis- 
ters the second user label Lu2 and encrypts the first 
secret-key Ks1 corresponding to the first user label 
Lu1 and the second secret-key Ks2 corresponding 
to the second user label Lu2 using public-key Kb2 
of the second user U2: 

Cks1kb2 = E(Ks1, Kb2) 

Cks2kb2 = E (Ks2, Kb2) 

and distributes the encrypted first secret-key Cks1kb2 
and the encrypted second secret-key Cks2kb2 to the 
second user U2. 

(9) When the encrypted first secret-key Cks1kfo2 
and the encrypted second secret-key Cks2kb2 are 
distributed, the second user U2 decrypts the 

er icrypted_first- secret-key Cks1kb2- and" the — 

encrypted second secret-key Cks2kb2 using pri- 
vate-key Kv2 of the second user U2: 

Ks1 = D(Cks1kb2, Kv2) - 

Ks2 = D (Cks2kb2, Kv2). 

decrypts the encrypted original copyrighted data 
CmOksl using the decrypted first secret-key Ks1 ; 

MO = D (CmOksl , Ks1) 

and utilizes the decrypted original copyrighted data 
MO. 

In case the original copyrighted data MO is to 
be stored or copied, it is encrypted using the 
decrypted second secret-key Ks2, and the 
encrypted original copyrighted data Cm0ks2 is 
stored or copied. In case the original copyrighted 



8 



15 



EP 0 833 241 A2 



16 



data MO is to be transferred to a third user U3 it is 
encrypted using the decrypted second secret-key 
KS2. and the encrypted original copyrighted data 
Cm0ks2 is transferred to the third user U3 together 
with the original copyright label L0, the original cop- « 
yngnt label fingerprint FO. the first user label Lul 
and the second user label Lu2. 

(10) When the encrypted original copyrighted data 
Cm0ks2 is transferred together with the original w 
copyright label L0. the original copyright label fin- 
gerprint FO, the first user label Lu1 and the second 
user label Lu2. the third user U3 presents the origi- 
nal copyright label L0. the original copyright label 
fingerprint FO. the first user label Lul . the second is 
user label Lu2 and third user label Lu3. and 
requests the data management center Cd to distrib- 
ute the second secret-key Ks2 and third secret-key 

(11) When requested to distribute the second *° 
secret-key Ks2 and the third secret-key Ks3 the 
data management center Cd confirms whether the 
original copyright label L0. the first user label Lu1 
and the second user label Lu2 are valid or not zs 
using the original copyright label fingerprint FO 

When it is confirmed that the second user label 
Lu2 is valid, the data management center Cd regis- 
ters the third user label Lu3 and encrypts the sec- 
ond secret-key Ks2 corresponding to the second so 
user label Lu2 and third secret-key Ks3 corre- 
sponding to the third user, label Lu3 respectively 
using public-key Kb3 of the third user U3- 



thus utilizes the decrypted original copyrighted data 
MO. 

In case the original copyrighted data MO is to be 
stored or copied, it is encrypted using the decrypted 
third secret-key Ks3. and the encrypted original copy- 
nghted data Cm0ks3 is stored or copied. In case the 
original copyrighted data MO is to be transferred to a 
fourth user U4. ft is encrypted using the decrypted third 
secret-key Ks3. and encrypted original copyrighted data 
Cm0ks3 is transferred to the fourth user U4 together 
with the original copyright label L0. the first user label 
Lul. the second user label Lu2 and the third user label 

Then, the same operation is repeated. 



Cks2kb3 = E (Ks2. Kb3) 
Cks3kb3 = E (Ks3, Kb3). 
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Then, the encrypted second secret-key Cks2kb3 and 

5^!? ed Mrd secret - k ey CksSkbS w distributed" 
to the third user U3. 

rif oJ" h6n thG encf yP ted se cond secret-key 
Cks2kb3 and the encrypted third secret-key 
Cks3kb3 are distributed, the third user U3 decrypts 45 
the encrypted second secret-key Cks2kb3 and the 
encrypted third secret-key Cks3kb3 using private- 
key Kv3 of the third user U3- 



[2nd Embodiment] 

Description will be given on a second embodiment 
m which the key used to encrypt the copyrighted data is 
sent separately from the key used for decrypting the 
copyrighted data, referring to Fig. 8. In the second 
embodiment, handling of keys, relationship between the 
original author, the information provider and the users 
as well as handling of labels are the same as in the first 
embodiment, and detailed description is not given here. 

(1) The original author A presents the original cop- 
yright label L0 and requests the data management 
center Cd to distribute original secret-key KsO. 

(2) When requested to distribute the original secret- 
key KsO, the data management center Cd prepares 
an original copyright label fingerprint FO from the 
original copyright label L0, and encrypts the original 
secret-key KsO corresponding to the original copy- 
right label LD using public-key Kba of the original 
author A: 



Ks2 = D (Cks2kb3, Kv3) 
Ks3 = D (Cks3kb3, Kv3) 



50 



and decrypts the encrypted original copyrighted 
data Cm0ks2 using the decrypted second secret- 55 
key Ks2: 



MO: 



D (Cm0ks2, Ks2), 



CksOkba = E (KsO, Kba), 

and distributes the encrypted original secret-key 
CksOkba together with the original copyright label 
L0 to the original author A. 

(3) When the encrypted original secret-key 
CksOkba is distributed, the original author A 
decrypts the encrypted original secret-key CksOkba 
using private-key Kva of the original author A: 

KsO = D (CksOkba, Kva) 

and encrypts the original copyrighted data MO 
using the decrypted original secret-key KsO: 

CmOksO = E (MO, KsO). 

Then, the encrypted original copyrighted data 
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CmOksO, the original copyright label LO and the 
original copyright label fingerprint FO are trans- 
ferred to the first user U1. 

(4) When the encrypted original copyrighted data 
CmOksO, the original copyright label LO and the 
original copyright label fingerprint FO are trans- 
ferred, the first user U1 presents the original copy- 
right label LO, the original copyright label fingerprint 
FO and first user label Lui. and requests the data 
management center Cd to distribute the original 
secret-key KsO. 

(5) When requested to distribute the original secret- 
key KsO, the data management center Cd confirms 
validity of the presented original copyright label LO 
using the original copyright label fingerprint FO and 
registers the first user label Lu1. At the same time 
the original secret-key KsO corresponding to the 
original copyright label LO is encrypted using public- 
key Kb 1 of the first user U1: 

CksOkbl = E (KsO, Kb1) 

and the encrypted original secret-key CksOkbl is 
distributed to the first user U1 . 
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(6) When the encrypted original secret-key 
CksOkbl is distributed, the first user U1 decrypts 
the encrypted original secret-key CkOkbl using pri- 30 
vate-key Kv1 of the first user U1 : 

KsO = D (CksOkbl, Kv1) ( 
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decrypts the encrypted original copyrighted data 35 
CmOksO using the decrypted original secret-key 
KsO: 7 

MO = D (CmOksO, KsO), 

and utilizes the decrypted original copyrighted data 
MO. 

(7) In case the original copyrighted data MO is to be 
stored or copied, the original copyright label LO and 
the original copyright label fingerprint FO, and the 
first user label Lu1 are presented again, and the 
distribution of the first secret-key Ksl is requested 
to the data management center Cd. 

(8) When requested to distribute the first secret-key 
Ks1, the data management center Cd confirms 
validity of the presented first user label Lu1 using 
the original copyright label fingerprint FO and 
encrypts the first secret-key Ks1 corresponding to ss 
the registered first user label Lu1 using public-key 
Kb 1 of the first user U1 : 



Ckslkbl = E(Ks1, Kb1) 
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and distributes the encrypted first secret-key 
Ckslkbl to the first userUL 

(9) When the encrypted first secret-key Ckslkbl is 
distributed, the first user U1 decrypts the encrypted 
first secret-key Ckslkbl using private-key Kvl of 
the first user U1: 

Ks1 = D (Ckslkbl, Kv1) 

and encrypts the original copyrighted data MO 
using the decrypted first secret-key Ks1 : 

CmOksl = E(M0, Ks1). 

Then, the encrypted original copyrighted data 
CmOksl is stored or copied. In case the original 
copyrighted data MO is to be transferred to the sec- 
ond user U2, it is encrypted using the decrypted 
first secret-key Ksl , and the encrypted original cop- 
yrighted data CmOksl is transferred together with 
the original copyright label LO, the original copyright 
label fingerprint FO, and the first user label Lu1. 

(10) When the encrypted original copyrighted data 
CmOksl , the original copyright label LO, the original 
copyright label fingerprint FO and the first user label 
Lu1 are transferred, the second user U2 presents 
the original copyright label LO, the original copyright 
label fingerprint FO, the first user label Lu1, and the 
second user label Lu2, and requests the data man- 
agement center Cd to distribute the first secret-key 
Ksl. 

(11) When requested to distribute the first secret- 
key Ks1 , the data management center Cd confirms 
. validity-of the original copyright label LOand the first " 
user label Lu1 using the original copyright label fin- 
gerprint FO. 

When it is confirmed that the first user label 
Lui is valid, the data management center Cd regis- 
ters the second user label Lu2, encrypts the first 
secret-key Ks1 corresponding to the first user label 
Lu1 using public-key Kb2 of the second user: 

Cks1kb2 = E(Ks1 ( Kb2) 



and distributes the encrypted first secret-key Cks1kb2 
to the second user U2. 

(12) When the encrypted first secret-key Cks1kb2 
is distributed, the second user U2 decrypts the 
encrypted first secret-key Cks1kb2 using private- 
key Kv2 of the second user U2: 



Ks1 =D(Cks1kb2, Kv2) ( 
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decrypts the encrypted original copyrighted data 
CmOksl using the decrypted first secret-key Ksl : 

MO = D(CmOks1, Ks1) 
and utilizes the decrypted original copyrighted data 

(13) In case the original copyrighted data MO is to 
be stored or copied, the original copyright label LO w 
the original copyright label fingerprint FO. the first 
user label Lu1 and the second user label Lu2 are 
presented again, and the distribution of second 
secret-key Ks2 is requested to the data manage- 
ment center Cd. 

(14) When requested to distribute the second 
secret-key Ks2. the data management center Cd 
confirms validity of the presented second user label 
Lu2 using the original copyright label fingerprint FO 20 
encrypts the second secret-key Ks2 corresponding 
to he registered second user label Lu2 using pub- 
lic-key Kb2 of the second user U2- 
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user label Lu2 and the third user label Lu3 and 
requests the data management center Cd to distrib- 
ute the second secret-key Ks2. 

(17) When requested to distribute the second 
secret-key Ks2. the data management center Cd 
confirms whether the original copyright label LO the 
first user label Lu1 and the second user label Lu2 
are valid or not using the original copyright label fin- 
gerprint FO. 

When it is confirmed that the second user label 
Lu2 is valid, the data management center Cd regis- 
ters the third user label Lu3. encrypts the second 
secret-key Ks2 corresponding to the second user 
label Lu2 using public-key Kb3 of the third user U3 
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Cks2kb2 = E (Ks2. Kb2) 

and distributes the encrypted second secret-key 
Cks2kb2 to the second user U2. 

r?J0? m tHe encr yP ted second secret-key 
Ckskb2 is distributed, the second user U2 decrypts 
the encrypted second secret-key Cks2kb2 using 
private-key Kv2 o*,the second user U2: 

Ks2 = D (Cks2kb2. Kv2). 

encrypts the original copyrighted data MO using the 
decrypted second secret-key Ks2: 

Cm0ks2"= E (MO, Ks2)7 

and stores or copies it as the encrypted original 
copyrighted data Cm0ks2. In case the original cop- 
yrighted data MO is to be transferred to the third 
user U3, it ,s encrypted using the decrypted second 45 
secret-key Ks2. and is transferred as the encrypted 
onginal copyrighted data Cm0ks2 together with the 
original copyright label LO. the original copyright 
label fingerprint FO, the first user label Lu1 and the 
second user label Lu2 to the third user U3. so 

(16) When the encrypted original copyrighted data 
Cm0ks2 is transferred together with the original 
copyright label LO. the original copyright label fin- 
gerprint FO. the first user label Lul and the second 55 
user label Lu2. the third user U3 presents the origi- 
nal copyright label LO. the original copyright label 
fingerprint FO. the first user label Lu1, the second 
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Cks2kb3 = E (Ks2. Kb3) 

^o^ StribUteS encr yPted second secret-key 
Cks2kb3 to the third user U3. 

(18) When the encrypted second secret-key 
Cks2kb3 is distributed, the third user U3 decrypts 
the encrypted second secret-key Cks2kb3 using 
private-key Kv3 of the third user U3. 

Ks2 = D (Cks2kb3. Kv3). 

decrypts the encrypted original copyrighted data 
Cm0ks2 using the decrypted second secret-key 
Ks2: - ' 

MO = D (Cm0ks2. Ks2) 

and utilizes the decrypted original copyrighted data 
MO. 

(19) In case the original copyrighted data MO is - 
storedand copied, the original copyright label LO. 
the original copyright label fingerprint FO. the first 
user label Lu1. the second user label Lu2 and the 
third user label Lu3 are presented again, and the 
distribution of the third secret-key Ks3 is requested 
to the data management center Cd. 

(20) When requested to distribute the third secret- 
key Ks3. the data management center Cd confirms 
validity of the presented third user label Lu3 using 
the original copyright label fingerprint FO. The third 
secret-key Ks3 corresponding to the registered 
third user label Lu3 is encrypted using public-key 
Kb3 of the third user U3: 

Cks3kb3 = E (Ks3, Kb3) 

and the encrypted third secret-key Cks3kb3 is dis- 
tributed to the third user U3. 
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fdSSS? STKE ^^S 3 ^ ^ ^ *** ^ *» (-""0 scenario) are 

encrypted third Z«Zy Si£ JS^""* ^ ^ ^ « 

key Kv3 of the third user U3 5™ and 106 ed(t " 19 scenano are specified, it is impossi- 

°' b'e to reproduce the edited data. 

Ks3 = K(Cks3kb3 Kv3) 5 T ° Pr0dUCS n6W data from sin 9 le data, 

' there are a case in which edited data {A 1 } is obtained by 

encrypts the original copyrighted data MO u^ino » ho Jtenng original data A; a case in which edited data {A + 
decrypted third secret-key te3 9 * 0bla,ned by ""^ data x <° the original data A by 

a user; a case in which edited data {A"} is obtained by 

Cm0ks3 = E (MO Ks3) '° jTJl 9 ° ri9inal ***** A ' nt ° ° ri9inal *** e,em ents 

Al. A2, A3 and changing the arrangement of the 

and stores and copies it as the encrvoted nri„in al l ° SUCh 38 A3, and A1 : and a case in **** 

U4. rt ,s encrypted using the decrypted third secret- t^Hsefinto xT')S X, "" ' ** * ° f 

key Ks3 and is transferred to the fourth user U4 as merJs afran9 ' n9 th6Se e ' 6 - 

the encrypted original copyriahted data Cmnire^ ,„', u 

together with the original Sght l£el LO S „• " ^ ^ a,terationof °Wl data, change of 

original copyright label f inaeroriE ro ' ! 9 3 d3te ^"Sement. combination of the original 

label Lul . Z ^JSSKS' ISS £5 20 datawrth - a ^ata. and dhWon of the original datJand 

user label Lu3 *" rd conTbnat.cn of rt with the user data arise respectively a 

secondary exploitation right as a secondary copyright 

Then, the same operation is repeated T^AT***? *° be protected ' ™ e original copy- 

'ntheabo Ve -mentionedembodim e nt.onlythekeys » ;f u ^ he user ' of rouree - e «sts in the data X added by 

operation is simplified for the H £? ^i'" *» {A + 

copy or transfer the copyrighted data a obtamed b V s,m P'y combining original data 

It is also possible to simultaneously orovVte w, *. vi ^ 3 **** Which edited data ^ as ( A + 

systems so that the two •y^^i'SSLE " ^-^^^^ataX to the original data A. B. 

selected and utilized, i.e. a system vvherVtheS" for ^^CzT ^^VT +B1 + ™ + 

re-encryptjon are distributed at the same time a V\ho t ^ 5 f + A3 + B3 + C3 + is obtained 

keys for decryption as in the f rsV erSSment and J I 'T* ** * * C into 

^^l^terr^ry^^^!^ 35 data A1. A2 A3 B1.B2.B3 and 

tributed from those for decryption as in thVaini combining them, and changing their 

embodiment. 6 SeCOnd arrangements; and a case in which edited data {A1 + B1 

+ C1+X1 + +A2 + B2 + C2 + X2+ + A3 + B3 

[3rd Embodiment] + C3 + X3 + } is obtained by dividing the origjna] 

data B - c - ••• • - into original data _ elements Ai;7^7 

Description will be given now on a fhini Dmh Mi "° A3 ' "ZT* 1 ' ^ 83 CI. C2, C3 combin- 

Fig. 10. 9 9 - a ancJ . A,so 'n these cases, combination of a plurality of 

The edit processinq of the convrinhf^ ^ ■ °«<3ma\ data, combination of a plurality of original data 

formed by edSng the ^To^^TuZlo " T™' ft ^ * 3 * ° ri ^ a?data and 

^»tool.wrtichisana^ication%n^ Se^^ . 6 arran 9 ements ' combination of 

the edited copyrighted^ obtain^ by ed.^ng 2n be £222""* ^ ^ USer ^ 3riSe 

expressed by data of the utilized oric/nal coovrXS ' ' a secondary exploitation right as a second- 
data, the information of the usaS^rtS^ 50 S ^'f ' ^ ' S neCeSS3ry l ° be pro1ec1ed - A,so ' 

process data. Specifically, in case the ^So i 22 SL^T 1 ** 251^° ' C ° UrSe ' ^ " ^ 

We. rt is possible to reproduce the edited copyrighted £1'qL ^ by the USer 

data by obtaining the original copyright^aTa aS tS h. 9 ' for pr0dudn 9 new data D 

editing process data P^O""* data and the by using a plurality of original data A. B and C. This 

Description on editing digital data will be qiven 55 wiS^l! J!f cut - and -P aste technique in 

Because digital data is edited by us ng a Z«no TV^i ? ^ (CUtt ' n9 OUt) elemente 

program (edit tool) and thereby aJterir^oSa^^te '/ original data A. B and C and attach- 
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Further, there is a data linkage technique which 
links a plurality of data objects. In this data linkage tech- 
nique, object linkage part is arranged in "slot" of data 
object referred to as "pad". The "pad" is linked with other 
"pad" by the "slot", the operation of which is called "slot 5 
connection" so that the objects are linked with each 
other. Inter-relationship of a plurality of objects linked in 
this way is represented by a tree structure, and thus rep- 
resented tree structure can be used for deletion or addi- 
tion of the object. 

1 10 

While it is clear that original data and user data are 
data, the editing process: alteration of original data, 
arrangement change of original data, combination of 
original data with user data, division of original data and 
combination with user data, combination of a plurality of is 
original data each other, combination of a plurality of 
original data with user data, division and arrangement 
change of a plurality of original data, and combination of 
divided plurality of original data with user data, are also 
data - ™ 

20 

When noticing that editing scenario of data, such as 
arrangement of original data and process of editing, is 
also data, the secondary copyright on edited data can 
be protected by managing the user's copyright about 
data of editing process in addition to the original copy- 25 
right of the author on the original data and the user's 

copyright on the user's data. ~ 

That is, it is possible to ensure to manage the cop- 
yrights of edited data as well as of original data, if it is 
regarded that the edited data is constituted of original 30 
data, user data and editing scenario, and thus, by man- 
aging these original data, user data and editing sce- 
nario. In this case, the editing program used for editing 
data may be managed by the data management system 
of data copyrights, if necessary. 35 

While the above data editing of original data can be 
performed by using an editing program corresponding 
to the original data, by handling the original data as 

object-oriented software which has recently been 

focused on. it is-possible to facilitate further editing of " 40 
data and manage more preferably copyrights of data. 
Moreover, by adopting agent-oriented software, a user 
can synthesize data with little labor. 

The agent-oriented software, unlike the conven- 
tional one, is a program having autonomy, flexibility and as 
cooperativeness, which is able to meet a user's request 
with its characteristics of autonomy, flexibility and coop- 
erativeness in accordance with only a general instruc- 
tion of the user without specifically giving every 
operation instruction to the software. 50 

By incorporating the agent program into a basic 
system of a data copyright management system so that 
the database utilization of a user is watched, and it is 
arranged that information including data utilization con- 
dition and charging is collected at the database or the ss 
copyright management center, using metering function 
placed in user terminal, and thus, it is possible to know 
the database utilization condition of the user at the data- 



base side or the copyright management center side and 
achieve more accurate copyright management. These 
agent program and its data are also necessary to be 
protected in copyrights, and therefore, are encrypted 
like original data. 

In this third ernbodiment shown in Fig. 10, the cop- 
yright label in the first and the second embodiments 
already described added with the editing scenario is 
called "edit label", and this is treated in the same man- 
ner as the copyright label in the first embodiment The 
handling of keys, relationship between the original 
author, the information provider, and the user, as well as 
the handling of labels are the same as m the first 
embodiment, and detailed description is not given here. 

(1) The original author A presents the original cop- 
yright label L0 and requests the data management 
center Cd to distribute original secret-key KsO. 

(2) When requested to distribute the original secret- 
key KsO, the data management center Cd encrypts 
the original secret-key KsO corresponding to the 
original copyright label L0 using public-key Kba of 
the original author A: 

CksOkba = E (KsO, Kba) 

and distributes the encrypted original secret-key 
CksOkba together with the original copyright label 
L0 to the original author A. 

In this case, the data management center Cd 
performs one-way hash to the original copyright 
label L0 using algorithm such as MD 5, for example, 
to 16-byte data amount, prepares an original copy- 
right label fingerprint F0, and distributes it to the 
original author A. This electronic fingerprint is pre- 
pared on each of the original copyrighted data and 
edited copyrighted data each time the original cop-_ 
. yrighted data is edited and edited copyrighted data 
is obtained and is transferred, together with the 
copyrighted data. 

(3) When the encrypted original secret-key 
CksOkba is distributed, the original author A 
decrypts the encrypted original secret-key CksOkba 
using private-key Kva of the original author A: 

KsO = D (CksOkba, Kva), 

encrypts the original copyrighted data MO using the 
decrypted original secret-key KsO: 

CmOksO = E (MO. KsO) 

and transfers the encrypted original copyrighted 
data CmOksO, the original copyright label LO and 
the original copyright label fingerprint FO to the first 
user U1. 
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(4) When the encrypted original copyrighted data 
CmOksO, the original copyright label LO and the 
original copyright label fingerprint FO are trans- 
ferred, the first user U1 presents the original copy- 
right tabel LO. the original copyright label fingerprint s 

and f,rsl user label Lul and requests the data 
management center Cd to distribute the original 
secret-key KsO. 

(5) When requested to distribute the original secret- w 
key kso, the data management center Cd confirms 
validity of the presented original copyright label LO 
using the original copyright label fingerprint FO and 
rasters the first user label Lu1. At the same time 
the original secret-key KsO corresponding to the is 
orig.nal copyright label LO is encrypted using public- 
key Kb1 of the first user U1 



20 



CksOkbl = E (KsO. Kb1) 

and the encrypted original secret-key CksOkbl is 
distributed to the first user U1 . 



(6) When the encrypted original secret-key 
CksOkbl is distributed, the first user U1 decrypts 2s 
the encrypted original secret-key CksOkbl using 
private-key Kvl of the first user U 1 • 



KsO = D (CksOkbl. Kv1). 

decrypts the encrypted original copyrighted data 
CmOksO using the decrypted original secret-key 
KsO: 

MO = D (CmOksO. KsO). 



30 
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and edits the decrypted original copyrighted data 
MO using the edit tool and obtains edited copy- 
righted data Mel. 

The edited copyrighted data Me1 thus obtained- w 
contams copyright of the first user, who edited the 
data, and also copyright of the original author who 
prepared the original copyrighted data. The copy- 
right of the original author relating to the original 
copyrighted data MO can be protected by the origi- « 
nal copyright label LO which has been registered 
original copyright label fingerprint FO and the origi- 
nal secret-key KsO corresponding to the original 
copyright label LO and also by the first user label 
Lul and the first secret-key Ks1 corresponding to so 
he first user label Lul. However, because no key 
for encrypting the edited copyrighted data Me1 is 
available, the secondary copyright of the first user 
relating to the edited copyrighted data Me1 is not 
yet protected. 

55 

(7) To protect the secondary copyright of the first 
user relating to the edited copyrighted data Mel. 



label of the first user, who is the author of the edited 
copyrighted data, and its electronic fingerprinting 
are used in the third embodiment. 

As already described, the edited copyrighted 
data can be expressed by data of the utilized origi- 
nal copyrighted data, information of the used edit 
tool and the editing scenario (editing process data). 
Accordingly, these informations and data are 
entered in the first user label, i.e. the first edit label 
Le1 . Further, to protect secondary exploitation right 
as the secondary copyright in subsequent distribu- 
tion process, the user U1 presents the first edit 
label Le1 to the data management center Cd so 
that the secondary copyright of the user U1 is reg- 
istered. 

(8) When the first edit label Le1 is presented, the 
data management center Cd confirms validity of the 
presented original copyright label LO using the orig- 
inal copyright label fingerprint FO and registers the 
first edit label Le1. At the same time, the electronic 
fingerprint Fe1 of the first edit label Lei is prepared, 
and first edit secret-key Kse1 corresponding to the 
first edit label Le1 is encrypted by public-key Kb1 of 
the first user U1 at the data management center: 

Ckselkbl =E(Kse1. Kb1), 

and the encrypted first edit secret-key Ckselkbl is 
distributed to the first user U1 together with the 
electronic fingerprint Fe1 of the first edit label Let. 

(9) When the encrypted first edit secret-key 
Ckselkbl and the electronic fingerprint Fel of the 
first edit label Let are distributed, the first user U1 
decrypts the encrypted first edit secret-key 
Ckselkbl using private-key Kv1 of the first user U1: 

Kse t = D (Ckset kb VKvt ) - 

encrypts the first edited copyrighted data Me1 
using the decrypted first edit secret-key Kse t: 

Cmetksel = E (Me1, Kse1) 

and transfers the encrypted first edited copyrighted 
data Cmelksel to the second user U2 together 
with the first edit label Le1. and the electronic fin- 
gerprint Fel of the first edit label Le1 . 

Then, the same operation is repeated. 

In the third embodiment, only the first edit label Let 
and the electronic fingerprint Fet of the first edit label 
Le1 are transferred together with the encrypted first 
edited copyrighted data Cmelksel when edited data 
transfer, while it is possible to arrange in such manner 
that the other labels and electronic fingerprints can be 
simultaneously transferred. 
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In the edrting by utilizing a plurality of copyrighted 
date as shown in Rg. g. operation is complicated 
because there are a large numbers of copyrighted data 

IS 1 Descn "P tion 58 "<* given here to avoid 5 
lengthy explanation. 

em h!l ,he SySt6mS ° f 016 first ** second the third 
!^I^ entedeSCribed ^ *» Righted data is 
encrypted us.ng secret-key. and the secret-key for its 
decrypt™ and secret-key for re-encryption used for 10 
storage, copying and transfer are distributed by the data 
management center based on the user label presented 
by the user. 

The secret-key for decryption and the secret-key for 

Z^ll f 6 6nCrypted by the user P*lic-tay. rs 
whose va drty have been certified by the data manage- 
ment center ,n advance. Thus, these secret-keys are 

B^?,H erWied by ,hS data cement center. 
^ J 686 secret - h *« ™ used to encrypt the cop- 

be transferred consequently is aiso certified by the data 
management center. Because certification by the data 
management center is of absolute nature, it is a hierar- 
chy type certification system represented by PEM 
t ran £l!^l her hand ' ^^nted data itself is ss 
£Z Z f 6tWeen 1hS USers wifnout bein 9 transferred 
f5 manaQernerrt cen »er. and that might well be 
said that ttie certification carried out in this process is a 

ZZSSSF" tYPe C6rtficato " ^em repre- ^ 

iha ^^ Cflbed above - * is Possible by the system of 
tte embod.rnents to attain a certification system, which 
has h.gh rel.ab.lrty of the hierarchical type certification 

S2T &SS *° hand,e of ' lhe horizontal distrib- 

uted type certification system. ^ 

b * avior 30(1 wtent of behavior of the users 
who ufthze the copyrighted data are all identified at the 

h!L rna^a9eme^, ° enter by *» user ,abe ls presented 
vLm Jf ™- UtiKzati0n ^'"ding editing of the cop- 
" Sr th t ? barried out via the da * management 40 
firmS ^^i 6 ' dentity ^ tne user ca" be reliably con- 
f.rmed. By conf.rming the contents and course of behav- 
ior .contents and history of the copyrighted data can be 
certified. In th.s certification of the contents is applied to 

tents of deal-ngs by the data management center i e to 
perform "electronic notarization". 

i ah . Wh6 ? 5 i9ita ' si 9 nature ^ put on user label or on edit 
Sf Lrf i oom » ,uter virus en< ers the user label or the 
edrt label, the data of the label changes. As a result, so 
hash value changes. Therefore, by verifying the digital 
signature, rt .s possible to detect intrusion of computer 

to r £ch Ven , d,9ita ' S '' 9nature is not aiven . if ^ning 
ShJ- V ? 15 perforrned - «he user label or the edrt 
label is made unavailable by the changed hash value ss 
ana intrusion of computer virus can be detected. 



[4th Embodiment] 



In case of distributed object system represented by 
license network system, the use of network computer to 
perform only input/output of data and data processing 
and not provided with data storage unit is adopted 
instead of conventional type computer, which pos- 
sesses data storage unit of large capacity. Further the 
use of a network computer similar to a terminal unit of 
large s.ze computer, having only input/output function of 
data and not provided with data processing unit is also 
considered. This network computer does not have data 
storage unit and cannot store or copy the copyrighted 

Qola. 

Next, description will be given on an embodiment 
which can also be applied to a network computer not 
provided with data storage unit and used in the distrib- 
uted object system. It is needless to say that this 
embodiment is also applicable to an ordinary computer 
provided with data storage unit. 

To protect data copyright, it is necessary to use 
some sort of encryption technique to restrict unauthor- 
ized utilization of the copyrighted data. In the first the 
second, and the third embodiments described above to 
protect copyright in a system for an ordinary computer 
having data storage unit encrypted copyrighted data 
and labels not encrypted as clues to utilize the copy- 
nghted data are used. 

In contrast, in a system for a network computer 
wh.ch has only the function of the above-mentioned ter- 
minal unrt. the copyrighted data is not stored, copied or 
transferred, and there is no need to encrypt the copy- 
righted data. 

As already explained in the third embodiment, the 
editmg of copyrighted data is performed by modifying 
the origmal copyrighted data using the edit tool, and the 
edited copyrighted data thus obtained can be 
expressed by the utilized orjginal_copyrighted_data — 
information of the used edit tool and the editing sce- 
nario. 

This is the same in the distributed object system In 
case edited copyrighted data is produced by utilizing the 
copyrighted data in the database existing on the distrib- 
uted object system, the edited copyrighted data can be 
reproduced by specifying the utilized database the 
used onginal copyrighted data, information of the used 
edit tool and the editing scenario. The same applies to 
the case where a plurality of copyrighted data obtained 
from a single database or a plurality of databases are 
utilized. 

Description will be given now on the fourth embodi- 
ment referring to Fig. 11. 

In this embodiment, the original copyright owner 
and the information provider (IP) holding the copy- 
nghted data are discriminated from the user who does 
not hold copyrighted data, and are arranged on the net- 
work side with the data management center and the 
like. In the system of this embodiment, public-key and 
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E22Z» ^ " ° ri9inal data is 

en™£?h!° 3 ^ 0ri9ina ' Righted data is 

f "? 3 S6Cret " key 3 of 're- 

ferred destination for the purpose of security. 

and^il? U1 SearBhes ^ "Wnghted data 
n2l!^ S "j* 6888 * cop/righted data utilizing the 
neJ*ork. broadcasting or recording medium. The col- 

™™ C °^' 9hted fe sim P'y stored temporarily on 
memory of the user U1. Even when data storage unit 

user Ul ^ dfSk ^ iS induded in the d *" ce °f 
user U1. the copyrighted data is not stored in the data 
storage unit. 

In order that the copyrighted data is not stored 
when there * an attempt to store it, inhibition of storage 
of the copyrighted data is performed by destroying the 
copynghted data on memory, changing data header on 

rTJT* , r™" 19 thG data to one - wa y value, 
changmg file name to non-storable file name etc 

While rt is possible to inhibit the storage by data 

storage inhibition program, which is incorporated in the 

program of the copyrighted data having object structure. 

isfen^ ? 5 accom P ,ished * ^e borage inhibition 
s performed by an operating system, which is related to 
the entire system or to the user's device 

Description will be given on a case where a plurality 
^copyrighted data are utilized in the fourth embodi- 



Pe = D (Cpekbl, Kv1). 
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0)(2)The f.rst user (J1 presents the first user label 
Lul to the data management center, collects the 
original copyrighted data MOi (i = 1 . 2 3 ) 
from data library of the information provider IP in 
the system and obtains an edit tool Pe. In this case 
the ongmal copyrighted data MOi and the edit tool 
Pe are encrypted using public-key Kb1 of the first 
user U "J * 

CmOikbl = E (MOi. Kb1) 
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_ Gpekb1-= E (PerKbl) 

a rL-H£ e " crypted or, '9''nal copyrighted data 
OmOikbl and the encrypted edit tool Cpekbl are 
distributed to the first user U1 . 

In this case, the first user labef Lul is referred 
and utilizing conditions of the original copyrighted 
data MOi and the edit tool Pe are recorded at the 
data management center and are utilized for charg- 
ing of a fee. y 

(3) When the encrypted original copyrighted data 
CmOikbl and the encrypted edit tool Cpekbl are 
distributed, the first user Ul decrypts the distributed 
encrypted original copyrighted data CmOikbl and 
the encrypted edit tool Cpekbl using private-key 
Kvl of the first user Ul 

MOi = D (CmOikbl , Kvl) 
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Using the decrypted edit tool Pe. the decrypted 
original copyrighted data MOi is edited, and a first 
edited copyrighted data Mli (i = 1. 2 3 ) 
is obtained. 

(4) Obtaining the first edited copyrighted data Mli 
the first user U1 encrypts a first scenario S1i. which 
is the editing process data for the first edited copy- 
righted data M1i. using public-key Kbc of the data 
management center: 

Cs1ikbc = E(Sli.Kbc) 

and presents the encrypted first scenario Cslikbc 
together with the first user label Lu1 to the data 
management center, so that secondary copyright of 
the user U1 is registered. 

(5) When the encrypted first scenario Cslikbc is 
presented, the data management center Cd 
decrypts the encrypted first scenario Cslikbc using 
pnvate-key Kvc of the data management center: 

SI i = D (Cs1 ikbc. Kvc), 

prepares a first edit label Le1 based on the pre- 
sented user label of the first user U1 and the 
decrypted first scenario Sli. stores it in the data 
^management center Cd. encrypts the first edit label 
Le1 using public-key Kb1 of the first user U1: 

Clelkbl = E(Lei. Kb1), 

and transfers the encrypted first edit label Clelkbl 
to the first user U1. 

— (6)_When the encrypted first edit larJel~ Clelkbl is 

transferred, the first user U1 decrypts the encrypted 
first edit label Clelkbl using private-key Kv1 of the 
first user U1: 

Le1 = D (Clelkbl, Kv1), 

encrypts the decrypted first edit label Le1 using 
public-key Kb2 of the second user U2: 

Cle1kb2 = E(Le1,Kb2) 

and transfers the encrypted first edit label Cle1kb2 
to the second user U2. but the first edited copy- 
righted data M1i or the encrypted first edited copy- 
righted data is not transferred to the second user 

When the computer of the first user U1 is pro- 
vided with a data storage unit, there is possibility 
that the collected copyrighted data or the edited 
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copyrighted date may be stored in the storage unit 
however, storage inhibition as described above is 
earned out to exclude storage, copying and transfer. 

In this case, it is possible, instead of the 
encrypted first edit label Cle1kb2. to use electronic 

^T? 1 / 1 ' Which is ° b,ained * tumi "9 the first 
edrt label to one-way hash value. In so doing, it is 
possible to perform simplified transfer of the edit 
label by telephone voice. 

(7) When the encrypted first edit label Cle1kb2 is 
1h * second u «r U2 decrypts the trans- 
ferred encrypted f.rst edit label Cle1kb2 using the 
private-key Kv2 of the second user U2- 
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Le1 =D(Cle1kb2. Kv2). 

Key Kv2 of the second user U2: 

Cle1kv2 = E(Le1, Kv2) 

and presents the encrypted first edit label Clelk^ 
together with the second user label Lu2 to the data 
management center Cd 

25 

(8) When the encrypted first edit label Cle1kv2 and 
«ie second user label Lu2 are presented, the data 
management center Cd decrypts the presented 

SSSE! ,irst !? ,abe ' c,e1kv2 usins 30 

Kb2 of the second user U2: 



Le1 = D (Cle1kv2. Kb2). 

collects the original copyrighted data MOi shown on 
the decrypted first edit label Le1. edits the original 
copynghted data MOi using the edit tool Pe based 
on the first scenario Sli described on the first edit 

JL! ' 3nd 'W*^ *ie first edited copy- 
righted data M l i - — Hy — 

r ~ ^ & V he fifSt edited W'Qhted data Mli is 
reproduced, the data management center Cd 

th nC 2S! th , e D ,irSt edfted °°Py ri 9hted data M1i and 
the edrt tool P e using the public-key Kb2 of the sec- 
ond user U2: 
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Cm1ikb2=E(M1i, Kb2) 
Cpekb2 = E (Pe, Kb2) 

SlStSlT enCryptecifirst ^'^copyrighted data 
ond u!2 ****** ,0 °' C P eWjZ to the sec " 

(9) When the encrypted first edited copyrighted 
data Cml ikb2 and the encrypted edit tool Cpekb2 
are distributed, the second user U2 decrypts the 
distributed encrypted first edited copyrighted data 
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Cm1ikb2 and the encrypted edit tool Cpekb2 usino 
private-key Kv2 of the second user U2: 

M1i = D(Cmlikb2, Kv2) 

Pe = D (Cpekb2, Kv2) 

and edits the decrypted first edited copyrighted 
data M1i using the decrypted edit tool Pe. and the 
second edited copyrighted data M2i (i - 1. 2 3 
) is obtained. 

(10) When the second edited copyrighted data M2i 
is obtained, the second user U2 encrypts the sec- 
ond scenario S2i, which is editing process data of 
the second edited copyrighted data M2i, using the 
pubhe-key Kbc of the data management center. 

Cs2ikbc = E (S2i, Kbc) 

and presents the encrypted second scenario 
Cs2.kbc together with the second user label Lu2 to 
the data management center Cd. 

(1 1) When the encrypted second scenario Cs2ikbc 
is presented, the data management center Cd 
decrypts the encrypted second scenario Cs2ikbc 
using the private-key Kvc of the data management 
center Cd: 

S2i = D (Cs2ikbc. Kvc). 

prepares a second edit label Le2 based on the pre- 
sented user label of the second user U2 and the 
decrypted second scenario S2i. stores it in the data 
management center Cd. encrypts the second edit 
label Le2 using public-key Kb2 of the second user 

Cle2kb2=E(Le2, Kb2) 

and transfers the encrypted second edit label 
Ue2kb2 to the second user U2. 

(1 2) When the encrypted second edit label Cle2kb2 
»s transferred, the second user U2 decrypts the 
encrypted second edit label Cle2kb2 using private- 
key Kv2 of the second user U2: 

Le2 = D (Cle2kb2, Kv2), 

encrypts the decrypted second edit label Le2 using 
public-key Kb3 of the third user U3 : 

Cle2kb3 = E (Le2, Kb3) 

and transfers the encrypted second edit label 
Cle2kb3 to the third user U3. Then, the same oper- 
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ation is repeated. 



In the fourth embodiment using this distributed 
object system, the copyrighted data is not stored by the 
user, but it is stored only in the database. On the other s 
hand the user controls and stores only the edit label. 
ue.. the information relating to user and editing, which 

»nw !h m !!'° n thS Ut, "' zed ori 9 fnal copyrighted data 
and the used edrt tool, the editing scenario and the infor- 

^rZl Iff Wh ° h3S edited - ° n, y this «*» label is to 
encrypted and transferred between the users There- 

ferTed C0Pyri9ht6d data is not stored . copied or trans- 

Also. in the system of this embodiment, only the 
public-key and the private-key are used, and validity of is 
this publ.c-key , s certified by the data management 
center ,n advance, and certification by the date man- 
agement center is of absolute nature. Accordingly it is a 
h,erarch,cal type certification system represented by 

T"U 20 

THe edit label to be transferred is encrypted by the 
user* public-key. the validity of which has been certified 
in advance by the data management center, and it is 

S Ju" 8, itS 00,1160,5 are re,iable 38 * is Wi- 
S S ? "l! d3ta mana 9 emen ' center. The edit *s 
label rtself ,s transferred between the users without 

be,ngtran S ferredtothedaternanagementcenter.andit - 
m,ght well be said that it is horizontal distributed type 
certification system represented by PGP. 

svstem o^ Cr,bed S Ve ' A iS P 085 " 6 aCCordin 9 to tn e » 
system of th.s embcd.ment to attain a certification sys- 

Tl ? h3S hi9h re,iabi,ity of ,ne hierarchical type 
certrf icat.cn system and easiness to handle of the hori- 
zontal distributed type certification system 

Behavior and contents of behavior of the users uti- 35 
-ring the copyrighted data are all identified by the user 

SlfT , b/ tHe US6rS 81 •» data management 
T^ 6 ut,l,zat,on incl "ding editing of the copy- 
righted data is carried out through the.data manage-^ - - 

t Jt V confirmed ' and ^ confirming the contents 
and the course of behavior, contents and history of the 
copyrighted data can be certified. When this certifica- 
tion of contents is applied to electronic commerce, it is 
poss.ble to certify the contents of dealing by the data « 
management center, i.e. to perform "electronic notariza- 
tion . 

Further, in case digital signalure is put on the user 
abel or on the edit label, and if computer virus enters 
the user label or the edit label, the data of the label is so 
changed, and as a result, change occurs in the hash 
value. Therefore, by verifying digital signature, it is pos- 
sible to detect intrusion of computer virus. Even when 
digital signature is not given, rf turning to hash value is 
performed, the user label or the edit label are made ss 
unavailable depending upon the changed hash value 
Thus^ it is possible to detect intrusion of computer virus 
Because behavior and contents of behavior of the 



users utilizing the copyrighted data are all identified by 
the user label presented by the users at the data man- 
agement center, every charging system on the above 
functions effectively. 

[5th Embodiment] 

An embodiment in which a system of the present 
invention is applied to the electronic commerce will be 
given. A basic case is at first, explained in which all of 
the processings are performed through mediator as a 
data management center, referring to Fig. 12 A. 

(1) User U looks a products catalogue of the medi- 
ator S via network, and requests the mediator S 
electronic commerce data Qm as dealing data 
including quotation for desired products and infor- 
mation of order form and payment terms. 

(2) When requested the electronic commerce data 
Qm. the mediator S encrypts a request Ft of the 
electronic commerce data Qm and first secret-key 
Ks1 by using public-key Kbm of maker M: 

Crkbm = E (R. Kbm) 

Ckslkbm = E (Ks1. Kbm) 

and transfers encrypted request Crkbm and 
encrypted first secret-key Ckslkbm to the maker M. 

(3) When received the encrypted request Crkbm 
and encrypted first secret-key Ckslkbm. the maker 
M decrypts the transferred encrypted request 
Crkbm and encrypted first secret-key Ckslkbm by 
private-key Kvm of the maker M: 

R = D (Crkbm. Kvm) 

Ks1 = D (Ckslkbm, Kvm) 

encrypts electronic commerce data Qm corre- 
sponding to the request Ft by using decrypted first 
secret-key Ks1: 

Cqmksl = E (Am, Ks1) 

and transfers encrypted electronic commerce data 
Cqmksl to the mediator S. 

(4) When received the encrypted electronic com- 
merce data Cqmksl. the mediator S decrypts 
transferred encrypted electronic commerce data 
Cqmksl by using the first secret-key Ks1 : 

Qm= D (Cqmksl, Ksl), 

encrypts again the decrypted electronic commerce 
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data Qm by using second secret-key Ks2: 

Cqmks2 = E (Qm, Ks2), 

Cks2kbu = E (Ks2, Kbu) 
S d m L a 2 nSf 7nH enCryPted 6,eCtr0n, ' C COmmerce ^ta ro 

^*Eur?r d second sec ^ 

S!L£r? encrypted sec ° nd » 

SSt rl?£ U d6CryptS encr *> led 

uS U by USin9 ******* Kvu of 
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Ks2 = D(Cks2kbu. Kvu). 
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e,eCtr ° nic ^ta 
Cqmteg by usmg decrypted second secret-key 

Qm = D (Cqmks2, Ks2), 

edits electronic"corr^erce"data Qm by enterina 
^ZJ X T m int ° e,eC,r ° nic «"nicTS? 
Qu thus filed ,n. by using the second secret-key 



Cquks2 = E (Qu, Ks2) 
Zl^rT 8nCryPted ° rder She6t *° 
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(6)J men received encrypted order sheet Cquks2 

^^ tt ^^ BG V^ 9i& ^ order s ,2er^ ~ 

Cquks2 by tis.ng the second secret-key Ks2: 

Qu = D (Cquks2, Ks2), 

Cqukbm = (Q Uj Kbm) 

ZSSS?" 9 enCryPW ° rder Sh6et 0f ^ Um to *° 
When received encryptd order sheet Cqukbm 

SuZ r decrypts encryptd «£i 

Cqukbm by usmg private-key Kvm of maker M: 

Qu = E (Cqukbm, Kvm) 55 
and the order is accepted and handled according to 



order contents of the decrypted order sheet Qu 

Next an example of exceptional case when a 
user orders directly to a maker will be explained 
referring to Fig. 12B. *prainea, 

In the exceptional case, steps before above- 
mflT? ( ?' WhiCh enc W ela*onic «Tm- 
Z cm^^ and secret- 
key Cks2kbu are transferred to user U. are same 
«eps as bas,c case as shown in Fig. 12A. And 

w deta,,ed descri P«°n is not given 

here, and description of steps different from basic 
case is given. 

(7) i When received encrypted electronic commerce 

Cks2kbu. the user U decrypts encrypted second 
secret-key Cks2kbu by using private-key Kvu oTthe 

user u . 

Ks2 = D (Cks2kbu. Kvu). 

?2K enaJPted eleCtr0nic commerce data 
0qn*s2 by using decrypted seCQnd secref . key 



Qm = D (Cqmks2. Ks2), 

^rn e l 0rd w, C0 ^ entS int ° ^«*Onfc 
commerce data Qm. i.e.. performing data editing. 

th ord ,L sheet Qu ' encrypte 1,16 order «*ei 

Ks2- by " Sin9 the second secret-key 

Cquks2 = E (Qu, Ks2) 
wkvM** 5 enCfypted order ^ to the 

-(8) When received enci^ed order"shee"t 'cqjka' 

SiSf* tfanSferS ,hS encrypted order sh eet 
Cquks2 to the mediator S. 

(9) When received encrypted order sheet Cquks2 

rl*f?° r Sdecf yP ts fte en =rypted order sheet 
oquks2 by using second secret-key Ks2: 

Qu = D (Cquks2. Ks2). 

encrypts decrypted order sheet Qu by using public- 
Key Kbm of maker M: 

Cqukbm = E (Qu, Kbm) 
and transfers it to the maker M. 

r!?L Wh ! n feCeiV6d encr VPted order sheet 
Cqukbm, the maker M decrypts the encrypted order 
sheet Cqukbm by using private-key Kvm of maker 
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M: 



Qu = D (Cqukbm, Kvm) 

and handles the order acording to contents of the 
order sheet Qu. 

«» J k* 1 , ^ 1 e ' ectronic commerce system, computer soft- 
wear handled via network other than commercial prod- 
ucts, can be also applied in dealings 

In this case, softwear P is encrypted by maker M by 
using private-key Kvm of the maker M: 

Cpkvm = E (P. Kvm). 

encrypted softwear Cpkvm is transferred to mediator S 
encrypted softwear Cpkvm. thus transferred, is 
decrypted by the mediator S by using public-key Kbm of 

P = D (Cpkvm. Kbm), 

decrypted softwear P is encrypted by the mediator S by 
using public-key Kbu of user U: 

Cpkbu = E(P. Kbu). 25 

encrypted softwear Cpkbu is transferred to the user U 
and the transferred encrypted softwear Cpkbu is 
decrypted by the user U by using private-key Kvu of 30 
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encryption and decryption is rather high. In case that 
the data and label are transferred via network these are 
re-encrypted by secret-key and in addition, are 
encrypted by public-key. Therefore, in order to utilize the 
transferred data and label, these are necessary to be 
decrypted by private-key and in addition, to be 
decrypted by secret-key. 

In order to reduce the burden of encryption and 
decryption, while partly encrypting is described as 
shown in Figs. 4A to 4G, if the processing ability of the 
user device is not high, even when partly encrypting 
performing both processings of encryption/decryption 
by secret-key system, which is for copyright manage- 
ment and encryption/decryption by pubic-key system 
which is for data security, is yet difficult. 

To cope with the above problems, encryp- 
tion/decryption, which is processing other than encryp- 
tion/decryption for protecting transferred data or label 
may be performed, for example, by an entity in the net- 
work, and encrypted/decrypted data or label is trans- 
ferred to a user. While encryption/decryption for 
protecting transferred data or label is performed gener- 
ally by public-key cryptosystem, this encryption/decryp- 
tion is performed by a device of user. 

Above processing of encryption/decryption per- 
formed by an entity in the network may be applied to the 
case of reproduction of edited copyrighted data in the 
third and forth embodiments. 

In the third embodiment, encrypted copyrighted 
data and non-encrypted edit label including editing sce- 
nario are transferred from one user to next user The 
non-encrypted edit label and corresponding secret-key 
are stored in data management center. The next user 
transfers transferred encrypted copyrighted data and 
non-encrypted edit label to the data management 
center, and therefore, the copyrighted data is decrypted 
and thus, edited copyrighted data is reproduced based 
on decrypted copyrighted data and the edit label at the 



In the basic case as described referring to Fig 12A 

thro'uoh Ih? *Z d6a,in9 Pr0CeSSiP9S are 
through the mediator, various troubles caused in omit- 
ting me mediator among dealing processes can be pre- 
viously prevented. In exceptional case as described 
referring to Fig. 12B , further, in order that the maker 
receives the content of order sheet and handles the 

S J! ^ encr yP*«J order sheet is 

transfixed to the mediator and decrypted by the medi- 
ator. Therefore, the mediator takes part in the dealing 
processes without fall in this case also, and thus 
vanous troubles caused in omitting the mediator among 
dealmg processes can be previously prevented. The 
secret-key which is transferred, may be transferred 
incorporated in electronic commerce data other than 
transferred alone. 

In each embodiment described hereinbefore while 
data or label is encrypted/decrypted, the burden of 



P = D (Cpkbu. Kvu). 

kSyS for encf yP ted softwear which is stored in 
recordmg medium such as CD-ROM are distributed on 
pay basis, and the crypt keys can be further, applied in 
dealings in the electronic commerce sv^m in in* 

manner of similar way for computer softwear desSibS ° n decrypted copyrighted data and the edit label at the 

abtwe _ R™T softwear described data management center. Thenrthe edited copyrighted 

' ■ M da 'a is transferred to the next user. 

In the fourth embodiment, encrypted edit label 
including editing scenario is only transferred from a user 
to next user. In contrast, the edit label is stored in the 
data management center. And therefore, the data man- 
agement center, by transferred encrypted edit label to 
the data management center by the next user, collects 
necessary original data based on the edit label and 
reproduces edited copyrighted data, and then, transfers 
the edited copyrighted data to the next user 
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Claims 
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Method for managing digital data to be transferred 
from an owner of data to a user of data via a com- 
munication network, with the steps: 

Providing secret-key. public-key. private-key, 
data owner label, user label and data label- 
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Unking a data management center to a public- 
key storage and a secret-key generator and 
arranging same on said communication net- 
work; 

Certifying the public-keys of said owner and 
said user, and storing of said data owner label 
said user label and said data label by the data 
management center; 

Presenting said data owner label and data 
label, and requesting a secret-key for data 
encryption from said data management center 
by said owner; 



said owner of data. 
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Prepanng a data label fingerprint from said 
data label and transferring secret-key for 
encryption which is encrypted by using said 
public-key of owner together with said data 
label fingerprint to said owner by said data so 
management center; 

Encryption of the data using said secret-key 
which is decrypted by using private-key of said 
owner, and transfer of said encrypted data 25 
said data label and said data label fingerprint to 
a first user by said owner 

Presenting user label of said first user, said 
data label and said data label fingerprint, and 30 
requests a secret-key for decrypting said 
encrypted data and a secret-key forre-encrypt- 
•ng said data which is decrypted, to said data 
management center by said first user- 



3. Method according to Claim 1. wherein said digital 
data is edited by the user, and editing scenario of 
said digital data is added to said data label. 

4. Method according to Claim 3, wherein a secondary 
copyright is registered by presenting the user label 
of said user and data label having said editing sce- 
nario of said digital data to said data management 
center by said user. 

5. Method according to Claim 3 or 4. wherein there is 
a plurality of said digital data. 

6. Method according to Claim '1 , 2. 3. 4. or 5 wherein 
digital signature is performed on said data label. 

7. Method according to Claim 1. 2, 3. 4. 5. or 6 
wherein charging a fee is performed by presenting 
the user label of said user and said data label to 
said data manaement center by said user. 

8. Method according to Claim 7. wherein the charging 
a fee is performed by metering bill payment method 
based on use results. 

9. Method according to Claim 8. wherein the metering 
data based on use results is stored in said data 
management center. 



Confirmation of validity of said data label by 
said data label fingerprint, registering of said 
user label of first user, and transfer of said 
secret-key for decrypting encrypted data and 

said -secret-key for-re-encrypting" decrypted 

data, both of which are encypted by using the 
public-key of said first user, to said first user by 
said data management center; and 

Decryption of said secret-key for decryption 
and said secret-key for re-encryption by using 
the private-key of said first user, decryption and 
use of the encrypted data using said secret-key 
for decryption, encryption of the decrypted data 
using said secret-key for re-encryption to be 
stored and copied, and transfer of the 
encrypted data together with said data label 
said data label fingerprint and said user label of 
first user to the next user by said first user. 

Method according to Claim 1. wherein a copyright is 
registered by presenling said data owner label and 
sa.d data label to said data management center by 
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10. Method according to Claim 8. wherein the metering 
data based on use results is stored in a device of 
said user. 

11. Method according to Claim 7. wherein the charging 
a fee is performed by prepayment method. 

_ 12.. Method according to Claim 1 1. wherein the"prep^y-^ 
* ment data is stored in said data management 
center. 

1 3. Method according to Claim 1 1 . wherein the prepay- 
ment data is stored in a device of said user 

45 

14. Method according to Claim 1, 2, 3. 4, 5. 6, 7, 8. 9, 
10. 11. 12,or13. wherein said digital data has gen- 
eral file structure and only the data body thereof is 
at least partially encrypted. 

50 

15. Method according to Claim 14. wherein the part of 
said data body with encryption is continuously 
arranged in said data body. 

ss 16. Method according to Claim 14, wherein a plurality 
of parts of said data body with encryption is inter- 
mittently arranged in said data body. 
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17. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9, 
10. 11. 12, or 13, wherein said digital data has gen- 
eral file structure, and data header and data body 
thereof are encrypted. 

18. Method according to Claim 17, wherein a part of 
said data header and at least part of said data body 
are encrypted. 

19. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9, w 
10, 11, 12, or 13, wherein said digital data has gen- 
eral file structure and data header thereof only is 
encrypted. 



20. Method according to Claim 1 9, wherein at least part 
of said data header is encrypted. 
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21. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9, 
10, 1 1 , 12, or 13, wherein said digital data has gen- 
eral file structure, and only label is encrypted. 20 

22. Method according to Claim 1, 2, 3, 4 t 5, 6, 7, 8, 9, 
10, 11. 12, or 13, wherein said digital data has 
object-formed file structure, and only method is 
encrypted. 25 

23. Method for managing digital data to be transferred 
from an owner of data to a user of data via broad- 
cast, a communication network or data recording 
medium, using public-key, private-key, user label 30 
and data label; with the steps: 

Unking a data management center and the 
owner to a public-key storage, and arranging 
on said communication network; 35 



using a secret-key and stored in the device of said 
user. 

27. Method according to Claim 24, 25 or 26, wherein 
said ditigal data is edited, and edit label is obtained 
by adding editing scenario of said digital data to 
said data label. 

28. Method according to Claim 27, wherein said edit 
label is only transferred to next user. 

29. Method according to Claim 28, wherein said edit 
label is encrypted by using public-key of said next 
user, and is transferred to said next user; 

said next user decrypts the encrypted edit label 
by using private-key of said next user and 
prensents decrypted said edit label to said data 
management center; 

said data management center transfers the diti- 
tal data based on said edit label to said next 
user; 

said next user uses and edits said digital data 
by editing scenario of said edit label. 

30. Method according to Claim 28, wherein said first 
user transfers said edit label to said next user; 

said next user presents said edit label to said 

data management center; 

said data management center transfers said 

digital data based on said edit label to said next 

user; 

said next user uses and edits said digital data 
by editing scenario of said edit label. 



Certifying the public-keys of said owner and 
said user and storage of said user label and 
said date label by said_data management- 
center; and" 

Obtaining said digital data and data label from 
said communication network by presenting 
said user label to use said digital data, which is 
not stored in a device of said first user after 
using said digital data by a first user. 

24. Method according to Claim 23, wherein said digital 
data is not stored in the device of said user by dele- 
tion of said digital data. 

25. Method according to Claim 23, wherein said digital 
data is not stored in the device of said user by turn- 
ing said digital data to one-way hash value. 

26. Method according to Claim 23, wherein said data 
management center is further linked to secret-key 
generator, and said digital data is encrypted by 



31. Method according to Claim 30, wherein said first 
user performs digital signature to said edit label by 

-using private-key of said'first user. 

40 

32. Method according to Claim 23, 24, 25, 26, 27, 28, 
29, 30 or 31, wherein there are a plurality of said 
digital data. 
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33. Method according to Claim 23, 24, 25, 26, 27, 28, 
29, 30 31 or 32, wherein charging a fee is per- 
formed by presenting said user label and said data 
label to said data management center by said user. 

34. Method according to Claim 33, wherein the charg- 
ing a fee is performed by metering bill payment 
method based on use results. 

35. Method according to Claim 34, wherein the meter- 
ing data based on use results is stored in said data 
management center. 

36. Method according to Claim 34, wherein the meter- 
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>ng data based on use results is stored in a device 
of said user. 

37. Method according to Claim 33, wherein the charg- 
ing a fee is performed by prepayment method. 

38. Method according to Claim 37, wherein the prepay- 
ment data is stored in said data management 
center. 

39. Method according to Claim 37, wherein the prepay- 
ment data is stored in a device of said user. 
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40. Method according to Claim 23, 24 25 26 27 28 

29 30, 31, 32, 33, 34, 35, 36, 37, 38 or 39,wherein is 
said drgrtal data has general file structure and data 
body thereof only is encrypted. 

41. Method according to Claim 40, wherein a part of 
said data body is encrypted. 
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42. Method according to Claim 41 . wherein the part of 
sa.d data body with encryption is continuously 
arranged in said data body. 



43. 
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Method according to Claim 41. wherein a plurality 
of parts of said data body with encryption is inter- 
mittently arranged in said data body. 

44. Method according to Claim 27, 28, 29, 30 31 32 30 
33 34, 35, 36, 37, 38, 39, 40, 41 , 42, or 43, wherein 
said digital data has general file structure, and data 
header and data body thereof are encrypted. 

45. Method according to Claim 44, wherein a part of 35 
sard data header and at least part of said data body 
are encrypted. 7 



46. _ Method according to Claim 23, 24 25 26 27 -28- 
29 ,30 , 31. 32, 33, 34, 35, 36, 37, 38 or 39, wherein 
said digital data has general file structure and data 
header thereof only is encrypted. 



47. Method according to Claim 46, wherein at least part 
of sard data header is encrypted. 
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48. Method according to Claim 23, 24 25 26 27 28 
29. 30. 31 32, 33, 34, 35, 36, 37, 38 or 39, wherein 
sad digital data has general file structure, and only 
label is encrypted. 5Q 

49. Method according to Claim 48, wherein a part of 
said label only is encrypted. 



51. Method for electronic commerce between producer 
and user via an agency, using secret-key, and pub- 
lic-key and private-key, with the steps; 

linking the agency to a public-key storage and a 
secret-key generator and arranging on a com- 
munication network; 

Requesting electronic commerce data 
from said agency by said user; 

Transfer of the request of said electronic com- 
merce data together with secret-key for encryp- 
tion, which is encrypted by using public-key of 
said producer, to said producer by the agency; 

Decryption of encrypted secret-key for encryp- 
tion by using private-key of said producer, and 
encryption of said electronic commerce data by 
using decrypted secret-key for encryption and 
transfer of the encrypted electronic commerce 
data to said agency by said producer; 

Decryption of said encrypted electronic com- 
merce data by using said secret-key for encryp- 
tion, re-encryption of decrypted electronic 
commerce data by using secret-key for re- 
encryption, and transfer thereof together with 
said secret-key for re-encryption, which is 
encrypted by using public-key of said user, to 
said user by said agency; 

Decryption of encrypted secret-key for re- 
encryption by using private-key of said user, 
decryption of encrypted electronic commerce 
data by using decrypted secret-key for re- 
encryption, making of order sheet by entering 
order content jnto. decrypted electronic-corn- -- 
merce data, encrypting said order sheet by 
using secret-key for re-encryption, and transfer 
of encrypted order sheet to said agency by said 
user; 

Decryption of said encrypted order sheet by 
using said secret-key for re-encryption, encryp- 
tion of the decrypted order sheet by using pub- 
lic-key of said producer, and transfer of 
encrypted order sheet to said producer by said 
agency; 

Decryption of the encrypted order sheet by 
using private-key of said producer, and accept- 
ing of the order by said producer. 



50. Method according to Claim 23 24 25 pr 01 oa M u 

29. 30 or 31, 31, 32, 33, 34 35 36 3 7 38 or 39 ? f ° re,eCtr0nic commerce according to Claim 

wherein said digital data has obipriWmnH n ' wherein said electronic commerce data has 

structure, and only method is encryS ' 9eneral fi ' 6 StruCture and body thereof only is 

encrypted. 
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S3. Method for electronic commerce according to Claim 
52. wherein the part of said data body with 
encrypted is continuously arranged in said data 
body. 



54. Method for electronic commerce according to Claim 
52 wherein a plurality of parts of said data body 
with encryption is intermittently arranged in said 
data body. 

55. Method for electronic commerce according to Claim 
51. wherein said electronic commerce data has 
general file structure, and at least part of the data 
header and at least part of the data body thereof 
are encrypted. 

56. Method for electronic commerce according to Claim 
51. wherein said electronic commerce data has 
general file structure and only at least part of the 
the data header thereof is encrypted. 

57. Method for electronic commerce according to Claim 
51. wherein said electronic commerce data has 
general file structure and only at least part of said 
label is encrypted. 

_ 58. Method for electronic commerce according to Claim 
51. wherein said electronic commerce data has 
object-formed file structure and method is 
encrypted. 
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Fig. 1A 



LABEL OWNER INFORMATION 



Fig. 1B 



LABEL OWNER INFORMATION + 

INFORMATION RELATING ORIGINAL COPYRIGHTE D OATA 

Fig. 1C 



LjgEL OWNER INFORMATION + 

St TnSI'^r^Jl NG 0RIGINAL COPYRIGHTED DATA + 
ED'T TOOL INFORMATION 4 EDITING SCENARIO 



Fig. 1D 



LABEL OWNER INFORMATION + 

Wf^r^^^S^- COPYRIGHTED DATA + 
EDITION PROGRAM + EDITING SCENARIO 
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Fig. 2A 
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Fig. 3A 




Fig. 3B 
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Fig. 4A 
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Fig. 5A 
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Fig. 7 
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(+ PUBLIC- KEY MANAGEMENT 4 SECRET- KEY GENERATING) 




Fig. 8 
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Fig. 9 
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Fig. 10 



/ n„„, DATA MANAGEMENT CENTER 

(+ PUBLIC- KEY MANAGEMENT + SECRET- KEY GENERATING) 



(0 



A 



(2) (4) 
(7) 



A 



(5) 
(8) 



(3) 



U1 



(6) 



(9) 




Fig. 11 



U Puff^uT^Jr 0^ MANAGEMENT CENTER 
rUBLIC-KEY- MANAGEMENT + SECRET- KEY GENERATING) 




(2) (7) 
(5) (10) 



(6) 




32 



EP 0 833 241 A2 



Fig. 12A 
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